--- linux-2.6.11.11/include/linux/net.h 2005-03-02 12:38:53 +0100 +++ linux-2.6.11.11-vs2.0-rc3/include/linux/net.h 2005-06-01 14:34:17 +0200 @@ -61,6 +61,8 @@ typedef enum { #define SOCK_ASYNC_NOSPACE 0 #define SOCK_ASYNC_WAITDATA 1 #define SOCK_NOSPACE 2 +#define SOCK_PASS_CRED 3 +#define SOCK_USER_SOCKET 4 #ifndef ARCH_HAS_SOCKET_TYPES /** sock_type - Socket types --- linux-2.6.11.11/include/linux/net.h 2005-03-02 12:38:53 +0100 +++ linux-2.6.11.11-vs2.0-rc3/include/linux/net.h 2005-06-01 14:34:17 +0200 @@ -111,7 +113,6 @@ struct socket { struct sock *sk; wait_queue_head_t wait; short type; - unsigned char passcred; }; struct vm_area_struct; --- linux-2.6.11.11/include/net/af_unix.h 2004-10-23 05:06:24 +0200 +++ linux-2.6.11.11-vs2.0-rc3/include/net/af_unix.h 2005-06-01 14:34:17 +0200 @@ -11,9 +11,9 @@ extern rwlock_t unix_table_lock; extern atomic_t unix_tot_inflight; -static inline struct sock *first_unix_socket(int *i) +static inline struct sock *next_unix_socket_table(int *i) { - for (*i = 0; *i <= UNIX_HASH_SIZE; (*i)++) { + for ((*i)++; *i <= UNIX_HASH_SIZE; (*i)++) { if (!hlist_empty(&unix_socket_table[*i])) return __sk_head(&unix_socket_table[*i]); } --- linux-2.6.11.11/include/net/af_unix.h 2004-10-23 05:06:24 +0200 +++ linux-2.6.11.11-vs2.0-rc3/include/net/af_unix.h 2005-06-01 14:34:17 +0200 
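Review bot: `SOCK_USER_SOCKET` is introduced in the `@@ -61,6 +61,8 @@` hunk without a comment, and nothing in this diff reads it. It is only set, in `sys_socket()` and `sys_socketpair()`. If the bit is meant to distinguish sockets created by a userspace syscall from kernel-internal ones, say so next to the define, e.g. `/* set for sockets created through socket(2)/socketpair(2) */`. Sockets produced by other paths such as accept are not visibly marked here, so any consumer of the flag should confirm which creation paths it can rely on.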
@@ -22,16 +22,19 @@ static inline struct sock *first_unix_so static inline struct sock *next_unix_socket(int *i, struct sock *s) { - struct sock *next = sk_next(s); - /* More in this chain? */ - if (next) - return next; - /* Look for next non-empty chain. */ - for ((*i)++; *i <= UNIX_HASH_SIZE; (*i)++) { - if (!hlist_empty(&unix_socket_table[*i])) - return __sk_head(&unix_socket_table[*i]); - } - return NULL; + do { + if (s) + s = sk_next(s); + if (!s) + s = next_unix_socket_table(i); + } while (s && !vx_check(s->sk_xid, VX_IDENT|VX_WATCH)); + return s; +} + +static inline struct sock *first_unix_socket(int *i) +{ + *i = 0; + return next_unix_socket(i, NULL); } #define forall_unix_sockets(i, s) \ --- linux-2.6.11.11/include/net/scm.h 2004-08-14 12:55:32 +0200 +++ linux-2.6.11.11-vs2.0-rc3/include/net/scm.h 2005-06-01 14:34:17 +0200 @@ -51,13 +51,13 @@ static __inline__ void scm_recv(struct s { if (!msg->msg_control) { - if (sock->passcred || scm->fp) + if (test_bit(SOCK_PASS_CRED, &sock->flags) || scm->fp) msg->msg_flags |= MSG_CTRUNC; scm_destroy(scm); return; } - if (sock->passcred) + if (test_bit(SOCK_PASS_CRED, &sock->flags)) put_cmsg(msg, SOL_SOCKET, SCM_CREDENTIALS, sizeof(scm->creds), &scm->creds); if (!scm->fp) --- linux-2.6.11.11/include/net/sock.h 2005-03-02 12:38:54 +0100 +++ linux-2.6.11.11-vs2.0-rc3/include/net/sock.h 2005-06-01 14:34:17 +0200 @@ -110,6 +110,10 @@ struct sock_common { struct hlist_node skc_node; struct hlist_node skc_bind_node; atomic_t skc_refcnt; + xid_t skc_xid; + struct vx_info *skc_vx_info; + nid_t skc_nid; + struct nx_info *skc_nx_info; }; /** --- linux-2.6.11.11/include/net/sock.h 2005-03-02 12:38:54 +0100 +++ linux-2.6.11.11-vs2.0-rc3/include/net/sock.h 2005-06-01 14:34:17 +0200 
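Review bot: `first_unix_socket()` sets `*i = 0` and then reaches `next_unix_socket_table()`, whose loop starts with `(*i)++`, so the walk begins at bucket 1 and a socket hashed into `unix_socket_table[0]` is never returned to `forall_unix_sockets` users. Starting from `*i = -1;` in `first_unix_socket()` keeps the pre-increment loop and restores bucket 0. The `vx_check(s->sk_xid, VX_IDENT|VX_WATCH)` filter also now sits inside the shared iterator, so every user of the macro gets a per-context view. The callers are outside this diff; if any of them needs the whole table it should get an unfiltered variant, and a comment on `next_unix_socket()` should state that the filtering is intentional. The loop header in question comes from the `@@ -11,9 +11,9 @@` hunk of the same file.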
@@ -191,6 +195,10 @@ struct sock { #define sk_node __sk_common.skc_node #define sk_bind_node __sk_common.skc_bind_node #define sk_refcnt __sk_common.skc_refcnt +#define sk_xid __sk_common.skc_xid +#define sk_vx_info __sk_common.skc_vx_info +#define sk_nid __sk_common.skc_nid +#define sk_nx_info __sk_common.skc_nx_info volatile unsigned char sk_zapped; unsigned char sk_shutdown; unsigned char sk_use_write_queue; --- linux-2.6.11.11/net/core/sock.c 2005-03-02 12:39:09 +0100 +++ linux-2.6.11.11-vs2.0-rc3/net/core/sock.c 2005-06-01 14:34:17 +0200 @@ -333,7 +336,10 @@ int sock_setsockopt(struct socket *sock, break; case SO_PASSCRED: - sock->passcred = valbool; + if (valbool) + set_bit(SOCK_PASS_CRED, &sock->flags); + else + clear_bit(SOCK_PASS_CRED, &sock->flags); break; case SO_TIMESTAMP: --- linux-2.6.11.11/net/core/sock.c 2005-03-02 12:39:09 +0100 +++ linux-2.6.11.11-vs2.0-rc3/net/core/sock.c 2005-06-01 14:34:17 +0200 @@ -557,7 +563,7 @@ int sock_getsockopt(struct socket *sock, break; case SO_PASSCRED: - v.val = sock->passcred; + v.val = test_bit(SOCK_PASS_CRED, &sock->flags)?1:0; break; case SO_PEERCRED: --- linux-2.6.11.11/net/core/sock.c 2005-03-02 12:39:09 +0100 +++ linux-2.6.11.11-vs2.0-rc3/net/core/sock.c 2005-06-01 14:34:17 +0200 @@ -632,6 +638,8 @@ struct sock *sk_alloc(int family, int pr sock_lock_init(sk); } sk->sk_slab = slab; + sock_vx_init(sk); + sock_nx_init(sk); if (security_sk_alloc(sk, family, priority)) { kmem_cache_free(slab, sk); --- linux-2.6.11.11/net/core/sock.c 2005-03-02 12:39:09 +0100 +++ linux-2.6.11.11-vs2.0-rc3/net/core/sock.c 2005-06-01 14:34:17 +0200 
@@ -662,6 +670,11 @@ void sk_free(struct sock *sk) __FUNCTION__, atomic_read(&sk->sk_omem_alloc)); security_sk_free(sk); + vx_sock_dec(sk); + clr_vx_info(&sk->sk_vx_info); + sk->sk_xid = -1; + clr_nx_info(&sk->sk_nx_info); + sk->sk_nid = -1; kmem_cache_free(sk->sk_slab, sk); module_put(owner); } --- linux-2.6.11.11/net/core/sock.c 2005-03-02 12:39:09 +0100 +++ linux-2.6.11.11-vs2.0-rc3/net/core/sock.c 2005-06-01 14:34:17 +0200 @@ -1210,6 +1223,11 @@ void sock_init_data(struct socket *sock, sk->sk_stamp.tv_sec = -1L; sk->sk_stamp.tv_usec = -1L; + set_vx_info(&sk->sk_vx_info, current->vx_info); + sk->sk_xid = vx_current_xid(); + vx_sock_inc(sk); + set_nx_info(&sk->sk_nx_info, current->nx_info); + sk->sk_nid = nx_current_nid(); atomic_set(&sk->sk_refcnt, 1); } --- linux-2.6.11.11/net/ipv4/af_inet.c 2005-03-02 12:39:09 +0100 +++ linux-2.6.11.11-vs2.0-rc3/net/ipv4/af_inet.c 2005-06-01 14:34:17 +0200 @@ -266,8 +267,11 @@ static int inet_create(struct socket *so if (!answer) goto out_rcu_unlock; err = -EPERM; + if ((protocol == IPPROTO_ICMP) && vx_ccaps(VXC_RAW_ICMP)) + goto override; if (answer->capability > 0 && !capable(answer->capability)) goto out_rcu_unlock; +override: err = -EPROTONOSUPPORT; if (!protocol) goto out_rcu_unlock; --- linux-2.6.11.11/net/ipv4/tcp_minisocks.c 2005-03-02 12:39:10 +0100 +++ linux-2.6.11.11-vs2.0-rc3/net/ipv4/tcp_minisocks.c 2005-06-01 14:34:17 +0200 @@ -364,6 +368,11 @@ void tcp_time_wait(struct sock *sk, int tw->tw_ts_recent_stamp = tp->rx_opt.ts_recent_stamp; tw_dead_node_init(tw); + tw->tw_xid = sk->sk_xid; + tw->tw_vx_info = NULL; + tw->tw_nid = sk->sk_nid; + tw->tw_nx_info = NULL; + #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) if (tw->tw_family == PF_INET6) { struct ipv6_pinfo *np = inet6_sk(sk); --- linux-2.6.11.11/net/ipv4/tcp_minisocks.c 2005-03-02 12:39:10 +0100 +++ linux-2.6.11.11-vs2.0-rc3/net/ipv4/tcp_minisocks.c 2005-06-01 14:34:17 +0200 
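Review bot: `vx_sock_dec(sk)` runs for every sock that reaches `sk_free()`, while the matching `vx_sock_inc()` appears only in `sock_init_data()` and `tcp_create_openreq_child()`, so a sock that is allocated and freed without passing through either would decrement a counter it never incremented. Whether `vx_sock_dec()` tolerates a NULL `sk_vx_info` is not visible in this diff. If it does not, guard the call with `if (sk->sk_vx_info)`. Either way a short comment naming the inc/dec pairing would help, since per-context socket accounting depends on it staying balanced. `sk_free()` starts outside the hunk.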
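Review bot: The new `goto override` in `inet_create()` skips the `capable(answer->capability)` check on the protocol number alone, so in a context holding `VXC_RAW_ICMP` any `inetsw` entry matched with `protocol == IPPROTO_ICMP` is created without the capability that entry asks for. The jump deserves a comment stating that this is a deliberate per-context grant of raw ICMP sockets and what it is expected to allow. It would also read more safely as one condition without the label, e.g. `if (answer->capability > 0 && !capable(answer->capability) && !(protocol == IPPROTO_ICMP && vx_ccaps(VXC_RAW_ICMP)))`, which keeps the exception next to the check it relaxes. What `vx_ccaps()` returns outside a guest context is not visible here and should be confirmed. `inet_create()` continues outside the hunk.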
@@ -699,6 +708,8 @@ struct sock *tcp_create_openreq_child(st newsk->sk_state = TCP_SYN_RECV; /* SANITY */ + sock_vx_init(newsk); + sock_nx_init(newsk); sk_node_init(&newsk->sk_node); tcp_sk(newsk)->bind_hash = NULL; --- linux-2.6.11.11/net/ipv4/tcp_minisocks.c 2005-03-02 12:39:10 +0100 +++ linux-2.6.11.11-vs2.0-rc3/net/ipv4/tcp_minisocks.c 2005-06-01 14:34:17 +0200 @@ -797,6 +808,12 @@ struct sock *tcp_create_openreq_child(st newsk->sk_err = 0; newsk->sk_priority = 0; atomic_set(&newsk->sk_refcnt, 2); + + set_vx_info(&newsk->sk_vx_info, sk->sk_vx_info); + newsk->sk_xid = sk->sk_xid; + vx_sock_inc(newsk); + set_nx_info(&newsk->sk_nx_info, sk->sk_nx_info); + newsk->sk_nid = sk->sk_nid; #ifdef INET_REFCNT_DEBUG atomic_inc(&inet_sock_nr); #endif --- linux-2.6.11.11/net/socket.c 2005-03-02 12:39:11 +0100 +++ linux-2.6.11.11-vs2.0-rc3/net/socket.c 2005-06-01 14:34:17 +0200 @@ -287,7 +288,7 @@ static struct inode *sock_alloc_inode(st ei->socket.ops = NULL; ei->socket.sk = NULL; ei->socket.file = NULL; - ei->socket.passcred = 0; + ei->socket.flags = 0; return &ei->vfs_inode; } --- linux-2.6.11.11/net/socket.c 2005-03-02 12:39:11 +0100 +++ linux-2.6.11.11-vs2.0-rc3/net/socket.c 2005-06-01 14:34:17 +0200 @@ -531,7 +532,7 @@ static inline int __sock_sendmsg(struct struct msghdr *msg, size_t size) { struct sock_iocb *si = kiocb_to_siocb(iocb); - int err; + int err, len; si->sock = sock; si->scm = NULL; --- linux-2.6.11.11/net/socket.c 2005-03-02 12:39:11 +0100 +++ linux-2.6.11.11-vs2.0-rc3/net/socket.c 2005-06-01 14:34:17 +0200 
@@ -542,7 +543,21 @@ static inline int __sock_sendmsg(struct if (err) return err; - return sock->ops->sendmsg(iocb, sock, msg, size); + len = sock->ops->sendmsg(iocb, sock, msg, size); + if (sock->sk) { + if (len == size) + vx_sock_send(sock->sk, size); + else + vx_sock_fail(sock->sk, size); + } + vxdprintk(VXD_CBIT(net, 7), + "__sock_sendmsg: %p[%p,%p,%p;%d]:%d/%d", + sock, sock->sk, + (sock->sk)?sock->sk->sk_nx_info:0, + (sock->sk)?sock->sk->sk_vx_info:0, + (sock->sk)?sock->sk->sk_xid:0, + (unsigned int)size, len); + return len; } int sock_sendmsg(struct socket *sock, struct msghdr *msg, size_t size) --- linux-2.6.11.11/net/socket.c 2005-03-02 12:39:11 +0100 +++ linux-2.6.11.11-vs2.0-rc3/net/socket.c 2005-06-01 14:34:17 +0200 @@ -580,7 +595,7 @@ int kernel_sendmsg(struct socket *sock, static inline int __sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { - int err; + int err, len; struct sock_iocb *si = kiocb_to_siocb(iocb); si->sock = sock; --- linux-2.6.11.11/net/socket.c 2005-03-02 12:39:11 +0100 +++ linux-2.6.11.11-vs2.0-rc3/net/socket.c 2005-06-01 14:34:17 +0200 @@ -593,7 +608,17 @@ static inline int __sock_recvmsg(struct if (err) return err; - return sock->ops->recvmsg(iocb, sock, msg, size, flags); + len = sock->ops->recvmsg(iocb, sock, msg, size, flags); + if ((len >= 0) && sock->sk) + vx_sock_recv(sock->sk, len); + vxdprintk(VXD_CBIT(net, 7), + "__sock_recvmsg: %p[%p,%p,%p;%d]:%d/%d", + sock, sock->sk, + (sock->sk)?sock->sk->sk_nx_info:0, + (sock->sk)?sock->sk->sk_vx_info:0, + (sock->sk)?sock->sk->sk_xid:0, + (unsigned int)size, len); + return len; } int sock_recvmsg(struct socket *sock, struct msghdr *msg, --- linux-2.6.11.11/net/socket.c 2005-03-02 12:39:11 +0100 +++ linux-2.6.11.11-vs2.0-rc3/net/socket.c 2005-06-01 14:34:17 +0200 
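Review bot: A short write in `__sock_sendmsg()` is booked as a failure of the whole request. `len == size` compares the `int` return with a `size_t`, and any result other than an exact match, including a partial send with `0 < len < size`, calls `vx_sock_fail(sock->sk, size)`. `__sock_recvmsg()` in the later hunk accounts `len` whenever `len >= 0`. The send side would be consistent with `if (len >= 0) vx_sock_send(sock->sk, len); else vx_sock_fail(sock->sk, size);`, assuming the counters are meant to track bytes actually transferred. Both `vxdprintk` calls print `(unsigned int)size` with `%d`; `%u` matches the cast.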
@@ -1081,6 +1106,10 @@ static int __sock_create(int family, int if (type < 0 || type >= SOCK_MAX) return -EINVAL; + /* disable IPv6 inside vservers for now */ + if (family == PF_INET6 && !vx_check(0, VX_ADMIN)) + return -EAFNOSUPPORT; + /* Compatibility. This uglymoron is moved from INET layer to here to avoid --- linux-2.6.11.11/net/socket.c 2005-03-02 12:39:11 +0100 +++ linux-2.6.11.11-vs2.0-rc3/net/socket.c 2005-06-01 14:34:17 +0200 @@ -1188,6 +1217,7 @@ asmlinkage long sys_socket(int family, i if (retval < 0) goto out; + set_bit(SOCK_USER_SOCKET, &sock->flags); retval = sock_map_fd(sock); if (retval < 0) goto out_release; --- linux-2.6.11.11/net/socket.c 2005-03-02 12:39:11 +0100 +++ linux-2.6.11.11-vs2.0-rc3/net/socket.c 2005-06-01 14:34:17 +0200 @@ -1218,10 +1248,12 @@ asmlinkage long sys_socketpair(int famil err = sock_create(family, type, protocol, &sock1); if (err < 0) goto out; + set_bit(SOCK_USER_SOCKET, &sock1->flags); err = sock_create(family, type, protocol, &sock2); if (err < 0) goto out_release_1; + set_bit(SOCK_USER_SOCKET, &sock2->flags); err = sock1->ops->socketpair(sock1, sock2); if (err < 0) --- linux-2.6.11.11/net/unix/af_unix.c 2005-03-02 12:39:11 +0100 +++ linux-2.6.11.11-vs2.0-rc3/net/unix/af_unix.c 2005-06-01 14:34:17 +0200 @@ -861,7 +864,7 @@ static int unix_dgram_connect(struct soc goto out; alen = err; - if (sock->passcred && !unix_sk(sk)->addr && + if (test_bit(SOCK_PASS_CRED, &sock->flags) && !unix_sk(sk)->addr && (err = unix_autobind(sock)) != 0) goto out; --- linux-2.6.11.11/net/unix/af_unix.c 2005-03-02 12:39:11 +0100 +++ linux-2.6.11.11-vs2.0-rc3/net/unix/af_unix.c 2005-06-01 14:34:17 +0200 
@@ -952,7 +955,8 @@ static int unix_stream_connect(struct so goto out; addr_len = err; - if (sock->passcred && !u->addr && (err = unix_autobind(sock)) != 0) + if (test_bit(SOCK_PASS_CRED, &sock->flags) + && !u->addr && (err = unix_autobind(sock)) != 0) goto out; timeo = sock_sndtimeo(sk, flags & O_NONBLOCK); --- linux-2.6.11.11/net/unix/af_unix.c 2005-03-02 12:39:11 +0100 +++ linux-2.6.11.11-vs2.0-rc3/net/unix/af_unix.c 2005-06-01 14:34:17 +0200 @@ -1286,7 +1290,8 @@ static int unix_dgram_sendmsg(struct kio goto out; } - if (sock->passcred && !u->addr && (err = unix_autobind(sock)) != 0) + if (test_bit(SOCK_PASS_CRED, &sock->flags) + && !u->addr && (err = unix_autobind(sock)) != 0) goto out; err = -EMSGSIZE; --- linux-2.6.11.11/net/x25/af_x25.c 2005-03-02 12:39:11 +0100 +++ linux-2.6.11.11-vs2.0-rc3/net/x25/af_x25.c 2005-06-01 14:34:17 +0200 @@ -490,8 +490,10 @@ static int x25_create(struct socket *soc x25 = x25_sk(sk); - sock_init_data(sock, sk); - sk_set_owner(sk, THIS_MODULE); + sk->sk_socket = sock; + sk->sk_type = sock->type; + sk->sk_sleep = &sock->wait; + sock->sk = sk; x25_init_timers(sk);
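Review bot: The `x25_create()` hunk drops `sk_set_owner(sk, THIS_MODULE)` together with `sock_init_data()` without explanation, while `sk_free()` still ends with `module_put(owner)`. Unless the owner is set where the sock is allocated (not visible in this diff), the module reference is no longer taken for these sockets. The four assignments only bind `sk` to `sock`; the rest of what the `sock_init_data()` hunk shows (`sk_stamp`, `sk_refcnt`, the new context fields and `vx_sock_inc()`) must then come from an earlier initialisation. If the intent is to avoid running `sock_init_data()` twice now that it counts sockets per context, keep the `sk_set_owner()` call and say so above the assignments, e.g. `/* sock_init_data() already ran at allocation; only bind sk to sock here */`. `x25_create()` starts and ends outside the hunk.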